CN113785547A - Security transmission method of Profile data and corresponding device - Google Patents


Info

Publication number
CN113785547A
Authority
CN
China
Prior art keywords
key
profile data
preparation server
management system
subscription management
Legal status
Granted
Application number
CN202080027008.0A
Other languages
Chinese (zh)
Other versions
CN113785547B (en)
Inventor
金辉
刘一帆
Current Assignee
Shenzhen Jetlink Technology Co ltd
Original Assignee
Shenzhen Jetlink Technology Co ltd
Application filed by Shenzhen Jetlink Technology Co ltd
Publication of CN113785547A
Application granted
Publication of CN113785547B
Legal status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/045: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L63/0478: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/083: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Storage Device Security (AREA)

Abstract

A secure transmission method for Profile data, a subscription management data preparation server, an operator system, a key management system and an Internet of Things terminal provide an online transmission scheme for the Profile. The scheme is efficient and secure, the process is highly automated, and no human intervention is needed.

Description

Security transmission method of Profile data and corresponding device
Technical Field
The invention relates to a secure transmission method of Profile data, a subscription management data preparation server, an operator system, a key management system and an Internet of things terminal.
Background
Network security is an increasingly important concern in the internet era, and every country places particular emphasis on protecting users' personal private data. In the telecommunications industry, personal user data bears not only on privacy but also on an individual's financial and property security; in particular, part of the data contained in a code number (Profile) is strictly protected by operators through various means. As the SIM card industry enters the era of eSIM and the Internet of Things, the operator's code number, as a reusable resource, still needs a high standard of protection.
Disclosure of Invention
The present invention mainly provides a secure transmission method of Profile data, a subscription management data preparation server, an operator system, a key management system, and an internet of things terminal, which are described in detail below.
According to a first aspect, an embodiment provides a method for secure transmission of Profile data, including:
the key management system initiates a key ceremony and creates a key pair for the operator;
the key management system stores the key pair in the hardware security module;
the subscription management data preparation server sends a message requesting a key to the key management system according to the identifier of the operator;
the key management system sends a message requesting the corresponding key to the hardware security module;
the hardware security module returns the public key of the key pair and the corresponding key ID to the key management system;
the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony ends;
the operator sends a message requesting the public key to the subscription management data preparation server, the public key being used to encrypt Profile data;
the subscription management data preparation server selects the corresponding public key according to the operator identifier and returns the public key to the operator;
the operator generates a session-based symmetric key, encrypts the sensitive part of the Profile data with the symmetric key, encrypts the symmetric key with the received public key, and then sends the encrypted Profile data and the encrypted symmetric key to the subscription management data preparation server;
the subscription management data preparation server returns to the operator a message that the Profile data was added successfully;
the subscription management data preparation server transmits the non-sensitive part of the Profile data to the key management system, and transmits the encrypted sensitive part of the Profile data, together with the key ID of the corresponding public key, to the key management system;
the key management system obtains the corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key with the private key, and decrypts the encrypted sensitive part of the Profile data with the decrypted symmetric key;
the subscription management data preparation server sends a command for splicing the Profile data to the key management system;
in response to the command for splicing the Profile data, the key management system combines the non-sensitive part of the Profile data and the decrypted sensitive part of the Profile data into a complete Profile data packet;
the subscription management data preparation server sends the key management system a command to encrypt the Profile data packet with a random key;
in response to the command to encrypt the Profile data packet with a random key, the key management system encrypts the whole Profile data packet with the random key and stores the random key in the hardware security module;
the key management system sends the encrypted Profile data packet and the random key ID to the subscription management data preparation server;
the terminal initiates an InitiateAuthentication request to the subscription management data preparation server;
the subscription management data preparation server returns InitiateAuthOk to the terminal;
the terminal initiates an AuthenticateClient request to the subscription management data preparation server;
the subscription management data preparation server returns AuthClientOk to the terminal;
the terminal requests GetBundProfilePack from the subscription management data preparation server;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID obtained during the interaction between the subscription management data preparation server and the terminal to the key management system;
the key management system obtains the corresponding protected random key from the hardware security module according to the random key ID, and decrypts the encrypted Profile data packet with the random key;
the key management system iteratively encrypts the decrypted Profile data packet with the session key using the SCP03t algorithm;
the key management system transmits the encrypted and bound Profile data packet to the subscription management data preparation server;
the subscription management data preparation server returns getppok to the terminal.
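The provisioning half of the flow above (key ceremony, operator-side hybrid encryption, then decrypt, splice and re-encrypt inside the key management system) as an added Go example; it is not code from the patent. The patent names no algorithms, so RSA-OAEP, AES-256-GCM, the in-memory maps standing in for the hardware security module, the key ID formats and the sample field values are assumptions, and the SCP03t binding step is not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// KMS models the key management system; its maps stand in for the HSM.
type KMS struct {
	keyPairs   map[string]*rsa.PrivateKey // operator key pairs, by key ID
	randomKeys map[string][]byte          // at-rest packet keys, by random key ID
}

func NewKMS() *KMS { return &KMS{map[string]*rsa.PrivateKey{}, map[string][]byte{}} }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealFresh encrypts under a fresh AES-256-GCM key (assumed cipher); returns key, nonce||ciphertext.
func sealFresh(plaintext []byte) (key, sealed []byte) {
	buf := make([]byte, 32+12) // key || nonce
	_, rerr := rand.Read(buf)
	gcm, gerr := newGCM(buf[:32])
	if rerr != nil || gerr != nil {
		panic("sealFresh: no entropy or cipher setup failed") // no safe fallback
	}
	return buf[:32:32], gcm.Seal(buf[32:], buf[32:], plaintext, nil)
}

// open reverses sealFresh; it fails on a wrong key or a modified ciphertext.
func open(key, sealed []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(sealed) < gcm.NonceSize() {
		return nil, errors.New("malformed key or ciphertext")
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, sealed[:n], sealed[n:], nil)
}

// KeyCeremony creates the operator key pair; only the public key and ID leave.
func (k *KMS) KeyCeremony(operatorID string) (string, *rsa.PublicKey, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", nil, err
	}
	k.keyPairs["opkey-"+operatorID] = priv // hypothetical key ID format
	return "opkey-" + operatorID, &priv.PublicKey, nil
}

// OperatorEncrypt: per-session key seals the sensitive part, RSA-OAEP (assumed) wraps that key.
func OperatorEncrypt(pub *rsa.PublicKey, keyID string, sens []byte) ([]byte, []byte, error) {
	sessionKey, encSensitive := sealFresh(sens)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, []byte(keyID))
	return encSensitive, wrapped, err
}

// Prepare: unwrap by key ID, decrypt, splice, re-encrypt under a random key that stays in the HSM.
func (k *KMS) Prepare(keyID string, nonSens, enc, wrapped []byte) (string, []byte, error) {
	priv, ok := k.keyPairs[keyID]
	if !ok {
		return "", nil, errors.New("unknown key ID")
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, []byte(keyID))
	if err != nil {
		return "", nil, err
	}
	sens, err := open(sessionKey, enc)
	if err != nil {
		return "", nil, err
	}
	randomKey, packet := sealFresh(append(append([]byte{}, nonSens...), sens...))
	randomKeyID := fmt.Sprintf("rnd-%d", len(k.randomKeys)+1) // hypothetical ID format
	k.randomKeys[randomKeyID] = randomKey
	return randomKeyID, packet, nil
}

// Recover is the download-time lookup: random key ID to plaintext packet.
func (k *KMS) Recover(randomKeyID string, packet []byte) ([]byte, error) {
	return open(k.randomKeys[randomKeyID], packet) // unknown ID: nil key, error
}

func main() { // constructed sample values, not real Profile data
	k := NewKMS()
	id, pub, _ := k.KeyCeremony("operator-a")
	enc, wrapped, _ := OperatorEncrypt(pub, id, []byte("ki=SECRET"))
	rid, stored, _ := k.Prepare(id, []byte("iccid=TEST;"), enc, wrapped)
	plain, err := k.Recover(rid, stored)
	fmt.Printf("%s: %d bytes at rest, recovered %q, err=%v\n", rid, len(stored), plain, err)
}
```

The preparation server only ever holds `enc`, `wrapped`, `stored` and the two key IDs; binding the wrapped key to the key ID through the OAEP label is a choice made in this example, not something the patent states.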
According to a second aspect, an embodiment provides a method for secure transmission of Profile data, including:
the subscription management data preparation server sends a message requesting a key to the key management system according to the identity of the operator, so that: the key management system initiates a message for requesting a corresponding key to the hardware security module, and receives a public key and a corresponding key ID in a key pair returned by the hardware security module to the key management system; the key of the operator is created for the operator when the key management system initiates a key ceremony and is stored in the hardware security module;
the subscription management data preparation server receives the public key and the corresponding key ID returned by the key management system;
a subscription management data preparation server receives a message which is sent by an operator and requests a public key, wherein the public key is used for encrypting Profile data;
the subscription management data preparation server selects a corresponding public key according to the operator identification and returns the public key to the operator so that the operator generates a session-based symmetric key, encrypts the sensitive part of the Profile data by using the symmetric key, and encrypts the symmetric key by using the received public key;
the subscription management data preparation server receives encrypted Profile data and an encrypted symmetric key transmitted by an operator;
the subscription management data preparation server transmits the non-sensitive part of the Profile data to the key management system, and transmits the encrypted sensitive part of the Profile data and the key ID carrying the corresponding public key to the key management system, so that: the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key, and synthesizes the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet;
the subscription management data preparation server issues a command to the key management system to encrypt the Profile packet using the random key such that: the key management system encrypts the whole Profile data packet by using a random key and stores the random key to the hardware security module;
the subscription management data preparation server receives the encrypted Profile packet and the random key ID transmitted from the key management system.
In an embodiment, the method for securely transmitting Profile data further includes:
a subscription management data preparation server receives an InitiateAuthentication request initiated by a terminal;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
a subscription management data preparation server receives an AuthenticateClient request initiated by a terminal;
the subscription management data preparation server returns AuthClientOk to the terminal;
the subscription management data preparation server receives a request GetBundProfilePack initiated by a terminal;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID obtained during the interaction between the subscription management data preparation server and the terminal to the key management system, so that: the key management system obtains the corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet with the random key, and iteratively encrypts the decrypted Profile data packet with the session key using the SCP03t algorithm;
the subscription management data preparation server receives an encrypted and bound Profile data packet transmitted by a key management system;
the subscription management data preparation server returns getppok to the terminal.
According to a third aspect, an embodiment provides a method for secure transmission of Profile data, including:
an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data; the key pair is created for the operator by the key management system in a key ceremony; specifically, after the key pair is created, the key management system stores the key pair in the hardware security module, the subscription management data preparation server sends a message requesting the key to the key management system according to the identifier of the operator, and the key management system sends a message requesting the corresponding key to the hardware security module; the hardware security module returns the public key of the key pair and the corresponding key ID to the key management system, the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony ends;
the operator receives a corresponding public key selected according to the operator identity returned by the subscription management data preparation server;
the operator generates a session-based symmetric key, encrypts the sensitive part of the Profile data with the symmetric key, encrypts the symmetric key with the received public key, and then sends the encrypted Profile data and the encrypted symmetric key to the subscription management data preparation server, so that: the subscription management data preparation server transmits the non-sensitive part of the Profile data to the key management system, and transmits the encrypted sensitive part of the Profile data, together with the key ID of the corresponding public key, to the key management system; the key management system obtains the corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key with the private key, decrypts the encrypted sensitive part of the Profile data with the decrypted symmetric key, combines the non-sensitive part of the Profile data and the decrypted sensitive part of the Profile data into a complete Profile data packet, encrypts the whole Profile data packet with a random key, stores the random key in the hardware security module, and sends the encrypted Profile data packet and the random key ID to the subscription management data preparation server.
In an embodiment, after the encrypted Profile data packet is sent to the subscription management data preparation server, the following steps can be performed:
a subscription management data preparation server receives an InitiateAuthentication request initiated by a terminal;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
a subscription management data preparation server receives an AuthenticateClient request initiated by a terminal;
the subscription management data preparation server returns AuthClientOk to the terminal;
the subscription management data preparation server receives a request GetBundProfilePack initiated by a terminal;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID obtained during the interaction between the subscription management data preparation server and the terminal to the key management system, so that: the key management system obtains the corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet with the random key, and iteratively encrypts the decrypted Profile data packet with the session key using the SCP03t algorithm;
the subscription management data preparation server receives an encrypted and bound Profile data packet transmitted by a key management system;
the subscription management data preparation server returns getppok to the terminal.
According to a fourth aspect, an embodiment provides a method for secure transmission of Profile data, including:
the key management system initiates a key ceremony and creates a key pair for the operator;
the key management system stores the key pair in the hardware security module;
the key management system receives a message of requesting a key sent by a subscription management data preparation server according to the identifier of an operator;
the key management system initiates a message for requesting a corresponding key to the hardware security module;
the key management system receives a public key and a corresponding key ID in a key pair returned by the hardware security module;
the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony is finished;
the key management system receives a non-sensitive part in the Profile data transmitted by the subscription management data preparation server, an encrypted sensitive part in the Profile data and a key ID carrying a corresponding public key; wherein the non-sensitive part in the Profile data, the encrypted sensitive part in the Profile data, and the key ID carrying the corresponding public key are received by the subscription management data preparation server from the operator, specifically: an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data; the subscription management data preparation server selects a corresponding public key according to the operator identifier and returns the public key to the operator; an operator generates a symmetric key based on a session, encrypts a sensitive part of Profile data by using the symmetric key, encrypts the symmetric key by using a received public key, and then sends the encrypted Profile data and the encrypted symmetric key to a subscription management data preparation server;
the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, and decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key;
the key management system synthesizes the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet;
the key management system receives a command which is sent by a subscription management data preparation server and used for encrypting the Profile data packet by using a random key;
the key management system encrypts the whole Profile data packet by using a random key and stores the random key to the hardware security module;
and the key management system sends the encrypted Profile data packet and the random key ID to a subscription management data preparation server.
In one embodiment, the key management system sends the encrypted Profile packet and the random key ID to the subscription management data preparation server, so that:
a subscription management data preparation server receives an InitiateAuthentication request initiated by a terminal;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
a subscription management data preparation server receives an AuthenticateClient request initiated by a terminal;
the subscription management data preparation server returns AuthClientOk to the terminal;
the subscription management data preparation server receives a request GetBundProfilePack initiated by a terminal;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID obtained during the interaction between the subscription management data preparation server and the terminal to the key management system, so that: the key management system obtains the corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet with the random key, and iteratively encrypts the decrypted Profile data packet with the session key using the SCP03t algorithm;
the subscription management data preparation server receives an encrypted and bound Profile data packet transmitted by a key management system;
the subscription management data preparation server returns getppok to the terminal.
According to a fifth aspect, an embodiment provides a method for secure transmission of Profile data, including:
the terminal initiates an InitiateAuthentication request to a subscription management data preparation server;
the terminal receives the InitiateAuthOk returned by the subscription management data preparation server;
the terminal initiates an AuthenticateClient request to the subscription management data preparation server;
the terminal receives AuthClientOk returned by the subscription management data preparation server;
the terminal requests GetBundProfilePack from the subscription management data preparation server, so that: the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID obtained during its interaction with the terminal to the key management system; the key management system obtains the corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet with the random key, iteratively encrypts the decrypted Profile data packet with the session key using the SCP03t algorithm, and transmits the encrypted and bound Profile data packet to the subscription management data preparation server, so that the subscription management data preparation server can return GetBupOk to the terminal;
the terminal receives getppok returned by the subscription management data preparation server.
In an embodiment, the encrypted Profile data packet is obtained through the following steps:
the key management system initiates a key ceremony and creates a key pair for the operator;
the key management system stores the key pair in the hardware security module;
the subscription management data preparation server sends a message for requesting a key to a key management system according to the identifier of the operator;
the key management system initiates a message for requesting a corresponding key to the hardware security module;
the hardware security module returns a public key in the key pair and a corresponding key ID to the key management system;
the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony is finished;
an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data;
the subscription management data preparation server selects a corresponding public key according to the operator identifier and returns the public key to the operator;
an operator generates a symmetric key based on a session, encrypts a sensitive part of Profile data by using the symmetric key, encrypts the symmetric key by using a received public key, and then sends the encrypted Profile data and the encrypted symmetric key to a subscription management data preparation server;
the subscription management data preparation server returns a message that the addition of the Profile data is successful to the operator;
the subscription management data preparation server transmits the non-sensitive part in the Profile data to a key management system, and transmits the encrypted sensitive part in the Profile data and a key ID carrying a corresponding public key to the key management system;
the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, and decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key;
the subscription management data preparation server sends a command for splicing the Profile data to a key management system;
in response to a command for splicing the Profile data, the key management system synthesizes a non-sensitive part in the Profile data and a decrypted sensitive part in the Profile data into a complete Profile data packet;
the subscription management data preparation server sends a command of encrypting the Profile data packet by using a random key to a key management system;
in response to a command for encrypting the Profile data packet by using a random key, the key management system encrypts the whole Profile data packet by using the random key and stores the random key to the hardware security module;
and the key management system sends the encrypted Profile data packet and the random key ID to a subscription management data preparation server.
According to a sixth aspect, an embodiment provides a subscription management data preparation server comprising:
a memory for storing a program;
a processor, configured to execute the program stored in the memory to implement the method for secure transmission of Profile data according to any embodiment of the present disclosure.
According to a seventh aspect, an embodiment provides an operator system comprising:
a memory for storing a program;
a processor, configured to execute the program stored in the memory to implement the method for secure transmission of Profile data according to any embodiment of the present disclosure.
According to an eighth aspect, an embodiment provides a key management system comprising:
a memory for storing a program;
a processor, configured to execute the program stored in the memory to implement the method for secure transmission of Profile data according to any embodiment of the present disclosure.
According to a ninth aspect, an embodiment provides an internet of things terminal, comprising:
a memory for storing a program;
a processor, configured to execute the program stored in the memory to implement the method for secure transmission of Profile data according to any embodiment of the present disclosure.
According to a tenth aspect, an embodiment provides a computer-readable storage medium comprising a program executable by a processor to implement the method for secure transmission of Profile data as described in any of the embodiments herein.
Drawings
Fig. 1 is a schematic diagram of the interaction between a key management system, a subscription management data preparation server, an operator and a terminal in one embodiment;
FIG. 2 is an interaction flow diagram illustrating the secure transmission of a code number from an operator to a subscription manager data preparation server, according to an embodiment;
fig. 3 is a flowchart illustrating a process of downloading standard GSMA Profile by a terminal according to an embodiment;
FIG. 4 is a flow diagram of a method for secure transmission of Profile data according to one embodiment;
FIG. 5 is a flow diagram of a method for secure transmission of Profile data according to one embodiment;
FIG. 6 is a block diagram of a subscription management data preparation server according to an embodiment;
FIG. 7 is a flow diagram of a method for secure transmission of Profile data according to one embodiment;
FIG. 8 is a flow diagram of a method for secure transmission of Profile data according to one embodiment;
FIG. 9 is a block diagram of an exemplary operator system;
FIG. 10 is a flow diagram of a method for secure transmission of Profile data according to one embodiment;
FIG. 11 is a block diagram of a key management system according to an embodiment;
FIG. 12 is a flow diagram of a method for secure transmission of Profile data according to one embodiment;
FIG. 13 is a schematic structural diagram of an internet of things terminal according to an embodiment;
FIG. 14 is a flowchart of a method for secure transmission of Profile data according to an embodiment.
Detailed Description
The present invention will be described in further detail with reference to the following detailed description and accompanying drawings. Like elements in different embodiments are given like reference numerals. In the following description, numerous details are set forth in order to provide a better understanding of the present application. However, those skilled in the art will readily recognize that some of the features may be omitted, or replaced with other elements, materials or methods, in different instances. In some instances, certain operations related to the present application are not shown or described in detail, in order to avoid obscuring the core of the present application with excessive description; a detailed description of these operations is not necessary, since those skilled in the art can fully understand them from the description in the specification and the general knowledge in the art.
Furthermore, the features, operations, or characteristics described in the specification may be combined in any suitable manner to form various embodiments. Also, the various steps or actions in the method descriptions may be reordered or adjusted, as will be apparent to one of ordinary skill in the art. Thus, the various sequences in the specification and drawings are for the purpose of describing certain embodiments only and are not intended to imply a required sequence, unless it is otherwise indicated that such a sequence must be followed.
The numbering of components herein, e.g. "first", "second", etc., is used only to distinguish the objects described and does not have any sequential or technical meaning. The terms "connected" and "coupled", when used in this application, include both direct and indirect connections (couplings) unless otherwise indicated.
Some of the concepts involved herein are explained first.
SIM is an abbreviation of Subscriber Identity Module, i.e. the SIM card in the usual sense. It is a kind of universal integrated circuit card, and the module is used to authenticate a legitimate user of an operator network.
UICC is an abbreviation of Universal Integrated Circuit Card; for example, the communication SIM card mentioned above, financial bank cards, bus cards, etc. are all universal integrated circuit cards.
eUICC is an abbreviation derived from embedded UICC, referring to a pluggable or embedded universal integrated circuit card, commonly referred to as an eSIM card, that supports remote and local management of Profiles in a secure manner.
EID is a further abbreviation for eUICC ID, referring to the unique identification of an eUICC card.
The English definition of Profile is: a combination of data and applications to be provisioned on a SIM or eUICC for the purpose of providing services. That is, Profile refers to the data and applications that can be installed and stored inside a common SIM card or eUICC card in order to provide certain services.
LPA is an abbreviation of Local Profile Assistant; its functions include assisting Profile download, Profile management (including Profile enable, Profile close, Profile delete, Profile information query), and providing a Profile management interface.
SM-DP+ is an abbreviation of Subscription Manager Data Preparation Plus, i.e. the subscription management data preparation server. Its main functions are to prepare Profiles, and to encrypt, store and securely distribute a Profile to a specified EID; it binds the encrypted Profile and securely delivers it to the eUICC through the LPA.
MNO is an abbreviation of Mobile Network Operator, i.e. a mobile operator, for example China Mobile, China Unicom, or an operator in another country; it provides mobile network services, including voice, short message and data services, to users.
The GSM Association (GSMA) is an international telecommunications union whose main participants include operators, card vendors, terminal equipment manufacturers and the like; it is responsible for the overall technical standards and unified coordination in fields such as communication, Profile and core network.
HSM is an abbreviation for Hardware Security Module, a computer Hardware device used to secure and manage digital keys used by strong authentication systems, and to provide related cryptographic operations as well. The hardware security module is typically connected directly to the computer or network server in the form of an expansion card or external device.
KMS is an abbreviation of Key Management System.
Symmetric Key: symmetric key encryption is also called private key encryption or shared key encryption, i.e. both parties sending and receiving data must use the same key to encrypt and decrypt the plaintext. Symmetric key encryption algorithms mainly include DES, 3DES, AES, RC5, RC6, etc.
Asymmetric Cryptography is a class of cryptographic algorithm that requires two keys, one a public key (Public Key) and the other a private key (Private Key); the public key is used for encryption and the private key is used for decryption. The ciphertext obtained by encrypting the plaintext with the public key can only be decrypted with the corresponding private key to recover the original plaintext, and the public key used for encryption cannot be used for decryption. Since encryption and decryption require two different keys, it is called asymmetric encryption, unlike symmetric encryption, where both encryption and decryption use the same key. The public key can be published and freely distributed; the private key cannot be disclosed, must be kept strictly secret by its owner, must not be provided to anyone by any means, and must not be disclosed even to a trusted communication counterpart. Based on the characteristics of public key encryption, asymmetric cryptography can also provide a digital signature (Digital Signature) function, so that an electronic file obtains the same effect as a paper file signed in person.
SFTP, i.e. SSH File Transfer Protocol, also known as Secure File Transfer Protocol, is a network transmission protocol that runs over a data stream connection and provides file access, transfer and management functions.
Having explained the above concepts, the present invention is explained below.
The current SIM card production line generally writes Profile data into the SIM card by burning. Operators transmit the Profile data to the SIM card manufacturer in different ways and on different storage media, for example on a USB flash drive or CD, or by e-mail or SFTP; the SIM card manufacturer receives the data and then enters it into the PC database of the SIM card production line.
The prior art has a number of disadvantages. For example, transfer on physical media is time-consuming and the media are easily lost; receiving Profile data after offline or electronic transfer requires manual intervention, which is inefficient; and the key protecting the Profile data may be leaked.
A secure transmission scheme for Profile data is described herein. It addresses the problem of how an operator securely passes code numbers to the eSIM subscription management data preparation server (SM-DP+) at the very start of code number transmission, so as to ensure the integrity, in security terms, of subsequent code number distribution.
Please refer to fig. 1, which is a schematic diagram of the interaction between the parties.
The key management system KMS mainly provides two functions, one is to access the hardware security module HSM, and the other is to manage all keys and certificates.
The GSMA provider eSIM scheme defines the ES2+ interface, through which SM-DP+ handles Profile ordering with the operator, and the ES9+ interface, through which SM-DP+ handles Profile download with the eUICC, but it does not define how the operator hands the code number Profile to SM-DP+ in the first place in a secure and efficient manner. The SM-DP+ is improved herein, and the improved SM-DP+ supplements and completes this function: on the one hand, it ensures that the Profile data transmitted by an operator is received securely; on the other hand, it is responsible for storing sensitive data using the encryption function of the KMS, for later maintenance and use.
Referring to fig. 2, the following description takes the secure transmission of a code number (Profile) from the operator to SM-DP+ as an example.
(1) The key management system KMS initiates a key ceremony, i.e. a key creation procedure, which creates a key pair (keypair) for an operator MNO. The key pair includes a public key (mPK, MNO Public Key) and a private key (mSK, MNO Private Key).
It can be understood that this process requires the participation of several persons, such as a key manager and a key administrator, each logging in to the KMS with their own account and password; the operation details of each person are not shown here. Because the key ceremony requires several security personnel to take part, institutional checks and balances are added on top of the technical basis, so that the key cannot be stolen or leaked at the source.
(2) The key management system KMS saves the key pair to the hardware security module HSM. From this point on, the content of the key itself cannot be cracked by outside parties.
(3) The subscription management data preparation server SM-DP+ sends a message requesting a key to the key management system KMS, according to the identity of the operator MNO.
(4) The key management system KMS initiates a message to the hardware security module HSM requesting the corresponding key.
(5) The hardware security module HSM returns the public key (mPK, MNO Public Key) of the key pair and the corresponding key ID (KID, Key Identity) to the key management system KMS.
(6) The key management system KMS returns the received public key mPK and the corresponding key ID to the subscription management data preparation server SM-DP+. The key ceremony is now complete, and subsequent additions of code number data (Profile) do not require the key ceremony to be repeated.
(7) The operator MNO sends the subscription management data preparation server SM-DP+ a message requesting the public key mPK, which is used to encrypt Profile data.
(8) The subscription management data preparation server SM-DP+ selects the corresponding public key mPK according to the operator MNO identity and returns it to the operator MNO.
(9) The operator MNO generates a session-based symmetric key (AES Key), uses it to encrypt the sensitive part of the Profile data, uses the received public key mPK to encrypt the AES Key, and then sends the encrypted Profile data and the encrypted AES Key to the subscription management data preparation server SM-DP+.
(10) The subscription management data preparation server SM-DP+ returns a message to the operator MNO that the Profile data addition was successful.
(11) The subscription management data preparation server SM-DP+ transmits the non-sensitive part of the Profile data to the key management system KMS.
(12) The subscription management data preparation server SM-DP+ transmits the encrypted sensitive part of the Profile data and the key ID carrying the corresponding public key mPK to the key management system KMS.
(13) The key management system KMS obtains the corresponding protected private key (mSK, MNO Private Key) from the hardware security module HSM according to the key ID; the private key is protected because it is stored in the hardware security module HSM. The private key mSK is used to decrypt the encrypted symmetric key AES Key, and the decrypted AES Key is then used to decrypt the encrypted sensitive part of the Profile data.
Since the non-sensitive part and the sensitive part in the Profile data may appear alternately, the flow formed by the step (11) and the steps (12) and (13) is actually executed alternately in a loop, so that all the non-sensitive parts and all the decrypted sensitive parts in the Profile data are finally present in the key management system KMS.
(14) The subscription management data preparation server SM-DP+ issues a command to splice the Profile data to the key management system KMS.
(15) In response to the command for splicing the Profile data, the key management system KMS synthesizes the non-sensitive part of the Profile data and the decrypted sensitive part of the Profile data into a complete Profile data packet (Package).
(16) The subscription management data preparation server SM-DP+ issues a command to the key management system KMS to encrypt the Profile data packet using a random key (Random Key).
(17) In response to the command for encrypting the Profile data packet using the Random Key, the key management system KMS encrypts the entire Profile data packet using the Random Key, and stores the Random Key to the hardware security module HSM.
(18) The key management system KMS sends the encrypted Profile data packet and the random key ID to the subscription management data preparation server SM-DP+, completing the secure transmission of the Profile.
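The envelope encryption of steps (9) and (11) to (17) can be sketched as follows. This Go example is added here and is not part of the patent: AES-256-GCM, RSA-OAEP with SHA-256, and the names Segment, KeyCeremony, OperatorEncrypt and KMSIngest are assumptions, and the private key and random key are held in memory, where the described design keeps them in the HSM and refers to them by key ID.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Segment is one piece of Profile data; sensitive and non-sensitive pieces may alternate.
type Segment struct {
	Sensitive bool
	Data      []byte
}

func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err) // no entropy source: nothing safe to do
	}
	return b
}

// KeyCeremony stands in for steps (1)-(2); here mSK lives in memory, not in an HSM.
func KeyCeremony() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// aesGCM seals with a prepended random nonce, or opens and authenticates (GCM is assumed).
func aesGCM(key, in []byte, encrypt bool) ([]byte, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	g, err := cipher.NewGCM(blk)
	if err != nil {
		return nil, err
	}
	n := g.NonceSize()
	if encrypt {
		nonce := randBytes(n)
		return g.Seal(nonce, nonce, in, nil), nil
	}
	if len(in) < n {
		return nil, fmt.Errorf("truncated ciphertext: %d bytes", len(in))
	}
	return g.Open(nil, in[:n], in[n:], nil)
}

// OperatorEncrypt models step (9): AES on sensitive segments only, then RSA-OAEP key wrap.
func OperatorEncrypt(mPK *rsa.PublicKey, profile []Segment) ([]Segment, []byte, error) {
	aesKey, out := randBytes(32), make([]Segment, len(profile))
	for i, s := range profile {
		out[i] = s
		if s.Sensitive {
			ct, err := aesGCM(aesKey, s.Data, true)
			if err != nil {
				return nil, nil, err
			}
			out[i].Data = ct
		}
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, mPK, aesKey, nil)
	return out, wrapped, err
}

// KMSIngest models steps (11)-(17): unwrap the AES key with mSK, decrypt the sensitive
// segments, splice all segments in order, and re-encrypt the package under a random key.
func KMSIngest(mSK *rsa.PrivateKey, segs []Segment, wrapped []byte) (ppp, randomKey []byte, err error) {
	aesKey, err := rsa.DecryptOAEP(sha256.New(), nil, mSK, wrapped, nil)
	if err != nil {
		return nil, nil, err
	}
	var pkg []byte
	for _, s := range segs {
		part := s.Data
		if s.Sensitive {
			if part, err = aesGCM(aesKey, s.Data, false); err != nil {
				return nil, nil, err
			}
		}
		pkg = append(pkg, part...)
	}
	randomKey = randBytes(32) // the described design stores this in the HSM under a key ID
	ppp, err = aesGCM(randomKey, pkg, true)
	return ppp, randomKey, err
}

func main() {
	mSK, err := KeyCeremony()
	if err != nil {
		panic(err)
	}
	enc, wrapped, err := OperatorEncrypt(&mSK.PublicKey, []Segment{{false, []byte("hdr;")}, {true, []byte("Ki=demo;")}}) // constructed sample
	if err == nil {
		_, _, err = KMSIngest(mSK, enc, wrapped)
	}
	fmt.Println("pipeline error:", err)
}
```

With an authenticated mode such as the assumed GCM, a modified sensitive segment or a modified wrapped key makes KMSIngest fail instead of producing a spliced package.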
Referring to fig. 3, the following takes the procedure in which a terminal, such as an internet of things terminal, downloads a standard GSMA Profile as an example to describe how the present invention is implemented.
The Profile can be installed and stored in the eUICC card of the terminal; specifically, the LPA of the terminal assists Profile download and Profile management (including Profile enabling, Profile closing, Profile deleting, Profile information querying) and provides a Profile management interface.
(1) The terminal initiates an InitiateAuthentication request to the subscription management data preparation server SM-DP+.
(2) The subscription management data preparation server SM-DP+ returns InitiateAuthOk to the terminal.
(3) The terminal initiates an AuthenticateClient request to the subscription management data preparation server SM-DP+.
(4) The subscription management data preparation server SM-DP+ returns AuthClientOk to the terminal.
(5) The terminal requests GetBoundProfilePackage from the subscription management data preparation server SM-DP+.
(6) The subscription management data preparation server SM-DP+ has acquired the Session key Keys in the above interaction steps with the terminal (i.e. the two exchanges InitiateAuthentication request to InitiateAuthOk, and AuthenticateClient request to AuthClientOk), and therefore transmits the Session key Keys, the encrypted Profile data packet, also called the Protected Profile Package (PPP), and the random key ID to the key management system KMS.
(7) The key management system KMS obtains the corresponding protected random key (Random Key) from the hardware security module HSM according to the random key ID; the Random Key is protected because it is stored in the hardware security module HSM. The KMS decrypts the PPP using the Random Key to obtain the decrypted Profile data packet, also called the Unprotected Profile Package (UPP).
(8) The key management system KMS uses the Session key Keys mentioned in (6) to encrypt the UPP in a loop using the SCP03t algorithm.
(9) The key management system KMS transmits the encrypted and bound Profile data packet, the Bound Profile Package (BPP), to the subscription management data preparation server SM-DP+.
(10) The subscription management data preparation server SM-DP+ returns getppok to the terminal.
In the above flow, steps (1), (2), (3), (4), (5), (9) and (10) are all Profile download flow steps of the standard eUICC provider eSIM scheme established by GSMA.
It can be seen that some embodiments of the present invention provide an online transmission scheme for Profile, which is efficient and safe, and the process is highly automated without human intervention.
In some embodiments of the present invention, a hardware security module HSM is also introduced, which ensures that the key is not revealed or cracked.
In some embodiments of the present invention, a method for securely transmitting Profile data is disclosed, which is specifically described below.
Referring to fig. 4, in some embodiments, a method for securely transmitting Profile data includes the following steps:
Step 100: the key management system KMS initiates a key ceremony, creating a key pair for the operator MNO.
Step 101: the key management system KMS saves the key pair to the hardware security module HSM.
Step 103: the subscription management data preparation server SM-DP+ sends a message requesting a key to the key management system KMS, according to the identity of the operator MNO.
Step 105: the key management system KMS initiates a message to the hardware security module HSM requesting the corresponding key.
Step 107: the hardware security module HSM returns the public key in the key pair and the corresponding key ID to the key management system KMS.
Step 109: the key management system KMS returns the received public key and the corresponding key ID to the subscription management data preparation server SM-DP+, and the key ceremony is completed.
Step 111: the operator MNO sends a message to the subscription management data preparation server SM-DP+ requesting a public key, which is used to encrypt Profile data.
Step 113: the subscription management data preparation server SM-DP+ selects a corresponding public key according to the identifier of the operator MNO and returns the public key to the operator MNO.
Step 115: the operator MNO generates a session-based symmetric key and uses the symmetric key to encrypt the sensitive part of the Profile data, and uses the received public key to encrypt the symmetric key, and then sends the encrypted Profile data and the encrypted symmetric key to the subscription management data preparation server SM-DP+.
Step 117: the subscription management data preparation server SM-DP+ returns a message to the operator MNO that the Profile data addition was successful.
Step 119: the subscription management data preparation server SM-DP+ transmits the non-sensitive part of the Profile data to the key management system KMS and transmits the encrypted sensitive part of the Profile data and the key ID carrying the corresponding public key to the key management system KMS.
Step 121: the key management system KMS acquires a corresponding protected private key from the hardware security module HSM according to the key ID, decrypts the encrypted symmetric key by using the private key, and decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key.
Step 123: the subscription management data preparation server SM-DP+ issues a command to splice the Profile data to the key management system KMS.
Step 125: in response to the command for splicing the Profile data, the key management system KMS synthesizes the non-sensitive part of the Profile data and the decrypted sensitive part of the Profile data into a complete Profile data packet.
Step 127: the subscription management data preparation server SM-DP+ issues a command to the key management system KMS to encrypt the Profile data packet using the random key.
Step 129: in response to the command for encrypting the Profile data packet by using the random key, the key management system KMS encrypts the entire Profile data packet by using the random key, and stores the random key to the hardware security module HSM.
Step 131: the key management system KMS sends the encrypted Profile data packet and the random key ID to the subscription management data preparation server SM-DP+.
Referring to fig. 5, in some embodiments, the method for securely transmitting Profile data further includes the following steps:
Step 140: the terminal initiates an InitiateAuthentication request to the subscription management data preparation server SM-DP+.
Step 141: the subscription management data preparation server SM-DP+ returns InitiateAuthOk to the terminal.
Step 143: the terminal initiates an AuthenticateClient request to the subscription management data preparation server SM-DP+.
Step 145: the subscription management data preparation server SM-DP+ returns AuthClientOk to the terminal.
Step 147: the terminal requests GetBoundProfilePackage from the subscription management data preparation server SM-DP+.
Step 149: the subscription management data preparation server SM-DP+ transmits the session key acquired in the interaction process with the terminal (namely the two exchanges InitiateAuthentication request to InitiateAuthOk, and AuthenticateClient request to AuthClientOk), the encrypted Profile data packet and the random key ID to the key management system KMS.
Step 151: the key management system KMS acquires a corresponding protected random key from the hardware security module HSM according to the random key ID, and decrypts the encrypted Profile data packet by using the random key.
Step 153: the key management system KMS uses the session key to encrypt the decrypted Profile data packet in a loop using the SCP03t algorithm.
Step 155: the key management system KMS transmits the encrypted and bound Profile data packet to the subscription management data preparation server SM-DP+.
Step 157: the subscription management data preparation server SM-DP+ returns getppok to the terminal.
Referring to fig. 6, some embodiments disclose a subscription management data preparation server SM-DP+, comprising a memory 10 and a processor 11; the memory 10 is used for storing programs; the processor 11 is configured to execute the program stored in the memory 10 to implement the method for secure transmission of Profile data according to any embodiment herein. For example, referring to fig. 7, the processor 11 can execute the following steps, or the method for securely transmitting Profile data executed by the processor 11 may include the following steps:
Step 200: the subscription management data preparation server SM-DP+ sends a message requesting a key to the key management system KMS, according to the identity of the operator MNO, so that: the key management system KMS initiates a message for requesting a corresponding key to the hardware security module HSM, and receives the public key in the key pair and the corresponding key ID returned by the hardware security module HSM to the key management system KMS; wherein the key pair of the operator MNO is created for the operator MNO when the key management system KMS initiates the key ceremony, and is saved to the hardware security module HSM.
Step 201: the subscription management data preparation server SM-DP+ receives the public key and the corresponding key ID returned by the key management system KMS.
Step 203: the subscription management data preparation server SM-DP+ receives a message sent by the operator MNO requesting a public key, which is used to encrypt Profile data.
Step 205: the subscription management data preparation server SM-DP+ selects a corresponding public key according to the identifier of the operator MNO and returns the public key to the operator MNO, so that the operator MNO generates a session-based symmetric key, encrypts the sensitive part of the Profile data by using the symmetric key, and encrypts the symmetric key by using the received public key.
Step 207: the subscription management data preparation server SM-DP+ receives the encrypted Profile data and the encrypted symmetric key transmitted by the operator MNO.
Step 209: the subscription management data preparation server SM-DP+ transmits the non-sensitive part of the Profile data to the key management system KMS and transmits the encrypted sensitive part of the Profile data and the key ID carrying the corresponding public key to the key management system KMS, so that: the key management system KMS acquires a corresponding protected private key from the hardware security module HSM according to the key ID, decrypts the encrypted symmetric key by using the private key, decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key, and synthesizes the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet.
Step 211: the subscription management data preparation server SM-DP+ issues a command to the key management system KMS to encrypt the Profile data packet using the random key, so that: the key management system KMS encrypts the entire Profile data packet using the random key, and stores the random key to the hardware security module HSM.
Step 213: the subscription management data preparation server SM-DP+ receives the encrypted Profile data packet and the random key ID transmitted by the key management system KMS.
Referring to fig. 8, in some embodiments, the processor 11 can further perform the following steps, or the method for performing secure transmission of Profile data may further include the following steps:
Step 220: the subscription management data preparation server SM-DP+ receives an InitiateAuthentication request initiated by the terminal.
Step 221: the subscription management data preparation server SM-DP+ returns the InitiateAuthOk to the terminal.
Step 223: the subscription management data preparation server SM-DP+ receives an AuthenticateClient request initiated by the terminal.
Step 225: the subscription management data preparation server SM-DP+ returns AuthClientOk to the terminal.
Step 227: the subscription management data preparation server SM-DP+ receives a GetBoundProfilePackage request initiated by the terminal.
Step 229: the subscription management data preparation server SM-DP+ transmits the session key acquired in the interaction process with the terminal (i.e. the two exchanges InitiateAuthentication request to InitiateAuthOk, and AuthenticateClient request to AuthClientOk), the encrypted Profile data packet, and the random key ID to the key management system KMS, so that: the key management system KMS acquires a corresponding protected random key from the hardware security module HSM according to the random key ID, decrypts the encrypted Profile data packet by using the random key, and uses the session key to encrypt the decrypted Profile data packet in a loop using the SCP03t algorithm.
Step 231: the subscription management data preparation server SM-DP+ receives the encrypted and bound Profile data packet transmitted by the key management system KMS.
Step 233: the subscription management data preparation server SM-DP+ returns getppok to the terminal.
Referring to fig. 9, some embodiments disclose an operator system comprising a memory 20 and a processor 21; the memory 20 is used for storing programs; the processor 21 is configured to execute the program stored in the memory 20 to implement the method for secure transmission of Profile data according to any embodiment herein. For example, referring to fig. 10, the processor 21 can execute the following steps, or the executed method for securely transmitting Profile data may include the following steps:
Step 300: the operator MNO or operator system sends a message requesting a public key to the subscription management data preparation server SM-DP+, the public key being used to encrypt Profile data; wherein the subscription management data preparation server SM-DP+ sends a key request message to the key management system KMS according to the identifier of the operator MNO, and the key management system KMS sends a message requesting the corresponding key to the hardware security module HSM; the hardware security module HSM returns the public key in the key pair and the corresponding key ID to the key management system KMS, the key management system KMS returns the received public key and the corresponding key ID to the subscription management data preparation server SM-DP+, and the key ceremony is completed.
Step 301: the operator MNO receives the corresponding public key, selected according to the operator MNO identity, returned by the subscription management data preparation server SM-DP+.
Step 303: the operator MNO generates a session-based symmetric key, uses the symmetric key to encrypt the sensitive part of the Profile data, encrypts the symmetric key using the received public key, and then sends the encrypted Profile data and the encrypted symmetric key to the subscription management data preparation server SM-DP+, so that: the subscription management data preparation server SM-DP+ transmits the non-sensitive part of the Profile data to the key management system KMS, and transmits the encrypted sensitive part of the Profile data and the key ID carrying the corresponding public key to the key management system KMS; the key management system KMS acquires the corresponding protected private key from the hardware security module HSM according to the key ID, decrypts the encrypted symmetric key using the private key, decrypts the encrypted sensitive part of the Profile data using the decrypted symmetric key, synthesizes the non-sensitive part of the Profile data and the decrypted sensitive part of the Profile data into a complete Profile data packet, encrypts the entire Profile data packet using a random key, stores the random key to the hardware security module HSM, and sends the encrypted Profile data packet and the random key ID to the subscription management data preparation server SM-DP+. In some embodiments, after the encrypted Profile data packet is sent to the subscription management data preparation server SM-DP+, the subscription management data preparation server SM-DP+ can perform the method flow and steps shown in fig. 8.
Referring to fig. 11, some embodiments disclose a key management system KMS, comprising a memory 30 and a processor 31; the memory 30 is used for storing programs; the processor 31 is configured to execute the method for securely transmitting Profile data according to any embodiment of the program stored in the memory 30, for example, referring to fig. 12, the processor 31 can execute the following steps, or the method for securely transmitting Profile data executed by the processor 31 may include the following steps:
step 400: the key management system KMS initiates a key ceremony, creating a pair of key pairs for the operator MNO.
Step 401: the key management system KMS saves the key pair to the hardware security module HSM.
Step 403: the key management system KMS receives a message requesting a key sent by the subscription management data preparation server SM-DP + according to the identity of the operator MNO.
Step 405: the key management system KMS initiates a message to the hardware security module HSM requesting the corresponding key.
Step 407: the key management system KMS receives the public key of the key pair and the corresponding key ID returned by the hardware security module HSM.
Step 409: the key management system KMS returns the received public key and the corresponding key ID to the subscription management data preparation server SM-DP +, and the key ceremony is completed.
Step 411: the key management system KMS receives a non-sensitive part in the Profile data transmitted by the subscription management data preparation server SM-DP +, an encrypted sensitive part in the Profile data and a key ID carrying a corresponding public key; wherein the non-sensitive part in the Profile data, the encrypted sensitive part in the Profile data, and the key ID carrying the corresponding public key are received by the subscription management data preparation server SM-DP + from the operator MNO, specifically: an operator MNO sends a message for requesting a public key to a subscription management data preparation server SM-DP +, wherein the public key is used for encrypting Profile data; the subscription management data preparation server SM-DP + selects a corresponding public key according to the identifier of the operator MNO and returns the public key to the operator MNO; the operator MNO generates a session-based symmetric key and uses the symmetric key to encrypt the sensitive part of the Profile data, and uses the received public key to encrypt the symmetric key, and then sends the encrypted Profile data and the encrypted symmetric key to the subscription management data preparation server SM-DP +.
Step 413: the key management system KMS acquires the corresponding protected private key from the hardware security module HSM according to the key ID, decrypts the encrypted symmetric key using the private key, and decrypts the encrypted sensitive part of the Profile data using the decrypted symmetric key.
Step 415: the key management system KMS synthesizes the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet.
Step 417: the key management system KMS receives a command issued by the subscription management data preparation server SM-DP + to encrypt the Profile data packet using a random key.
Step 419: the key management system KMS encrypts the entire Profile data packet using the random key, and stores the random key to the hardware security module HSM.
Step 421: the key management system KMS sends the encrypted Profile data packet and the random key ID to the subscription management data preparation server SM-DP +. In some embodiments, after the encrypted Profile packet is sent to the subscription management data preparation server SM-DP +, the subscription management data preparation server SM-DP + can perform the method flow and steps shown in fig. 8.
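The preparation-phase exchange of Step 303 and Steps 400 to 421, as an added example that is not code from the patent. It assumes RSA-OAEP for wrapping the session key and AES-256-GCM for the symmetric steps (the page names no algorithms for them), an in-memory `HsmStandIn`, and a constructed profile; all class, function and field names are hypothetical.

```javascript
// Added illustration of Step 303 and Steps 400-421; every name here is hypothetical.
// Resolve node:crypto whether this file is loaded as CommonJS or as an ES module.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// AES-256-GCM helpers (assumed cipher). Blob layout: iv(12) || tag(16) || ciphertext.
function seal(key, plaintext) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}
function open(key, blob) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]); // throws on tampering
}

// In-memory stand-in for the HSM, indexed by key ID.
class HsmStandIn {
  #privateKeys = new Map();
  #secrets = new Map();
  generateKeyPair() { // Steps 400-407: key pair created and kept; public key + key ID returned
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
    const keyId = nodeCrypto.randomUUID();
    this.#privateKeys.set(keyId, privateKey);
    return { keyId, publicKeyPem: publicKey.export({ type: "spki", format: "pem" }) };
  }
  // Design choice of this example: the unwrap runs inside the stand-in, so the private key
  // is never exported. The page words Step 413 as the KMS obtaining the protected private key.
  unwrap(keyId, wrappedKey) {
    const privateKey = this.#privateKeys.get(keyId);
    if (!privateKey) throw new Error("unknown key ID");
    return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
  }
  storeSecret(secret) {
    const keyId = nodeCrypto.randomUUID();
    this.#secrets.set(keyId, Buffer.from(secret)); // keep a private copy
    return keyId;
  }
  loadSecret(keyId) {
    const secret = this.#secrets.get(keyId);
    if (!secret) throw new Error("unknown random key ID");
    return secret;
  }
}

// Step 303 (operator side): fresh session key per upload, wrapped under the operator public key.
function mnoPrepare(profile, publicKeyPem) {
  const sessionKey = nodeCrypto.randomBytes(32);
  return {
    nonSensitive: profile.nonSensitive,
    encryptedSensitive: seal(sessionKey, Buffer.from(JSON.stringify(profile.sensitive))),
    wrappedKey: nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, sessionKey),
  };
}

// Steps 411-421 (KMS side): unwrap, decrypt, splice, re-encrypt under a random key kept in the HSM.
function kmsPrepare(hsm, keyId, upload) {
  const sessionKey = hsm.unwrap(keyId, upload.wrappedKey);
  const sensitive = JSON.parse(open(sessionKey, upload.encryptedSensitive).toString("utf8"));
  const packet = Buffer.from(JSON.stringify({ ...upload.nonSensitive, ...sensitive }));
  const randomKey = nodeCrypto.randomBytes(32);
  const stored = { encryptedPacket: seal(randomKey, packet), randomKeyId: hsm.storeSecret(randomKey) };
  for (const buf of [sessionKey, randomKey, packet]) buf.fill(0); // wipe working copies
  return stored; // the only two values handed back to SM-DP+
}

// First half of Step 507: the KMS recovers the packet by random key ID before SCP03t binding.
function kmsOpenStored(hsm, stored) {
  return JSON.parse(open(hsm.loadSecret(stored.randomKeyId), stored.encryptedPacket).toString("utf8"));
}

function runDemo() {
  // Constructed sample profile; the field names and values are assumptions for this example.
  const profile = {
    nonSensitive: { iccid: "89000000000000000001", name: "demo-profile" },
    sensitive: { imsi: "001010000000001", ki: "00112233445566778899aabbccddeeff" },
  };
  const hsm = new HsmStandIn();
  const { keyId, publicKeyPem } = hsm.generateKeyPair();
  const upload = mnoPrepare(profile, publicKeyPem);
  const stored = kmsPrepare(hsm, keyId, upload);
  // Everything SM-DP+ relays or stores for the sensitive part is ciphertext.
  const smdpView = Buffer.concat([upload.encryptedSensitive, upload.wrappedKey, stored.encryptedPacket]);
  const tampered = Buffer.from(upload.encryptedSensitive);
  tampered[tampered.length - 1] ^= 0x01;
  let tamperRejected = false;
  try { kmsPrepare(hsm, keyId, { ...upload, encryptedSensitive: tampered }); } catch { tamperRejected = true; }
  return {
    restored: kmsOpenStored(hsm, stored),
    kiVisibleToSmdp: smdpView.includes(profile.sensitive.ki),
    tamperRejected,
  };
}
console.log(runDemo());
```

The SCP03t re-encryption that binds the packet to the terminal session in Step 507 is not shown here.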
Referring to fig. 13, some embodiments disclose an internet of things terminal comprising a memory 40 and a processor 41. The memory 40 is used for storing a program, and the processor 41 is configured to execute the program stored in the memory 40 to implement the method for securely transmitting Profile data according to any embodiment herein. For example, referring to fig. 14, the method for securely transmitting Profile data executed by the processor 41 may include the following steps:
Step 500: the terminal, i.e., the internet of things terminal shown in fig. 13, initiates an InitiateAuthentication request to the subscription management data preparation server SM-DP +.
Step 501: the terminal receives the InitiateAuthOk returned by the subscription management data preparation server SM-DP +.
Step 503: the terminal initiates an AuthenticateClient request to the subscription management data preparation server SM-DP +.
Step 505: the terminal receives AuthClientOk returned by the subscription management data preparation server SM-DP +.
Step 507: the terminal requests GetBundProfilePack from the subscription management data preparation server SM-DP +, so that: the subscription management data preparation server SM-DP + transmits the session key, the encrypted Profile data packet and the random key ID acquired during its interaction with the terminal (i.e., the two exchanges, from the InitiateAuthentication request to InitiateAuthOk and from the AuthenticateClient request to AuthClientOk) to the key management system KMS; the key management system KMS acquires the corresponding protected random key from the hardware security module HSM according to the random key ID and decrypts the encrypted Profile data packet using the random key; and the key management system KMS uses the session key to circularly encrypt the decrypted Profile data packet with the SCP03t algorithm and transmits the encrypted and bound Profile data packet to the subscription management data preparation server SM-DP +, so that the subscription management data preparation server SM-DP + can return GetBupOk to the terminal.
Step 509: the terminal receives GetPPPPok returned by the subscription management data preparation server SM-DP +.
In some embodiments, the encrypted Profile packet referred to in fig. 14 may be obtained by, for example, the method steps shown in fig. 4, fig. 7, fig. 10, or fig. 12.
Introducing online Profile transmission in which the hardware security module HSM participates makes the whole process secure and controllable, and the end-to-end protection prevents all sensitive data from being obtained or leaked.
The method and the device can automate the preparation for adding a single code number (Profile) or a batch of code numbers, and improve data transmission efficiency.
Reference is made herein to various exemplary embodiments. However, those skilled in the art will recognize that changes and modifications may be made to the exemplary embodiments without departing from the scope hereof. For example, the various operational steps, as well as the components used to perform the operational steps, may be implemented in differing ways depending upon the particular application or consideration of any number of cost functions associated with operation of the system (e.g., one or more steps may be deleted, modified or incorporated into other steps).
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. Additionally, as will be appreciated by one skilled in the art, the principles herein may be reflected in a computer program product on a computer readable storage medium, which is pre-loaded with computer readable program code. Any tangible, non-transitory computer-readable storage medium may be used, including magnetic storage devices (hard disks, floppy disks, etc.), optical storage devices (CD-ROM, DVD, Blu-Ray discs, etc.), flash memory, and/or the like. These computer program instructions may be loaded onto a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions which execute on the computer or other programmable data processing apparatus create means for implementing the functions specified. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including means for implementing the function specified. The computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified.
While the principles herein have been illustrated in various embodiments, many modifications of structure, arrangement, proportions, elements, materials, and components particularly adapted to specific environments and operative requirements may be employed without departing from the principles and scope of the present disclosure. The above modifications and other changes or modifications are intended to be included within the scope of this document.
The foregoing detailed description has been described with reference to various embodiments. However, one skilled in the art will recognize that various modifications and changes may be made without departing from the scope of the present disclosure. Accordingly, the disclosure is to be considered in an illustrative and not a restrictive sense, and all such modifications are intended to be included within the scope thereof. Also, advantages, other advantages, and solutions to problems have been described above with regard to various embodiments. However, the benefits, advantages, solutions to problems, and any element(s) that may cause any element(s) to occur or become more pronounced are not to be construed as a critical, required, or essential feature or element of any or all the claims. As used herein, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, system, article, or apparatus. Furthermore, the term "coupled," and any other variation thereof, as used herein, refers to a physical connection, an electrical connection, a magnetic connection, an optical connection, a communicative connection, a functional connection, and/or any other connection.
Those skilled in the art will recognize that many changes may be made to the details of the above-described embodiments without departing from the underlying principles of the invention. Accordingly, the scope of the invention should be determined only by the claims.

Claims (14)

1. A secure transmission method of Profile data is characterized by comprising the following steps:
the key management system initiates a key ceremony and creates a key pair for the operator;
the key management system stores the key pair to the hardware security module;
the subscription management data preparation server sends a message for requesting a key to a key management system according to the identifier of the operator;
the key management system initiates a message for requesting a corresponding key to the hardware security module;
the hardware security module returns a public key in the key pair and a corresponding key ID to the key management system;
the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony is finished;
an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data;
the subscription management data preparation server selects a corresponding public key according to the operator identifier and returns the public key to the operator;
an operator generates a symmetric key based on a session, encrypts a sensitive part of Profile data by using the symmetric key, encrypts the symmetric key by using a received public key, and then sends the encrypted Profile data and the encrypted symmetric key to a subscription management data preparation server;
the subscription management data preparation server returns a message that the addition of the Profile data is successful to the operator;
the subscription management data preparation server transmits the non-sensitive part in the Profile data to a key management system, and transmits the encrypted sensitive part in the Profile data and a key ID carrying a corresponding public key to the key management system;
the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, and decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key;
the subscription management data preparation server sends a command for splicing the Profile data to a key management system;
in response to a command for splicing the Profile data, the key management system synthesizes a non-sensitive part in the Profile data and a decrypted sensitive part in the Profile data into a complete Profile data packet;
the subscription management data preparation server sends a command of encrypting the Profile data packet by using a random key to a key management system;
in response to a command for encrypting the Profile data packet by using a random key, the key management system encrypts the whole Profile data packet by using the random key and stores the random key to the hardware security module;
the key management system sends the encrypted Profile data packet and the random key ID to a subscription management data preparation server;
the terminal initiates an InitiateAuthentication request to a subscription management data preparation server;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
the terminal initiates an AuthenticateClient request to a subscription management data preparation server;
the subscription management data preparation server returns AuthClientOk to the terminal;
the terminal requests a GetBundProfilePack from a subscription management data preparation server;
the subscription management data preparation server transmits a session key, an encrypted Profile data packet and a random key ID acquired in the interactive process of the subscription management data preparation server and the terminal to a key management system;
the key management system acquires a corresponding protected random key from the hardware security module according to the random key ID, and decrypts the encrypted Profile data packet by using the random key;
the key management system uses a session key to circularly encrypt the decrypted Profile data packet by using an SCP03t algorithm;
the key management system transmits the encrypted and bound Profile data packet to a subscription management data preparation server;
the subscription management data preparation server returns getppok to the terminal.
2. A secure transmission method of Profile data is characterized by comprising the following steps:
the subscription management data preparation server sends a message requesting a key to the key management system according to the identity of the operator, so that: the key management system initiates a message for requesting a corresponding key to the hardware security module, and receives a public key and a corresponding key ID in a key pair returned by the hardware security module to the key management system; the key of the operator is created for the operator when the key management system initiates a key ceremony and is stored in the hardware security module;
a subscription management data preparation server receives a public key and a corresponding secret key ID returned by a secret key management system;
a subscription management data preparation server receives a message which is sent by an operator and requests a public key, wherein the public key is used for encrypting Profile data;
the subscription management data preparation server selects a corresponding public key according to the operator identification and returns the public key to the operator so that the operator generates a session-based symmetric key, encrypts the sensitive part of the Profile data by using the symmetric key, and encrypts the symmetric key by using the received public key;
the subscription management data preparation server receives encrypted Profile data and an encrypted symmetric key transmitted by an operator;
the subscription management data preparation server transmits the non-sensitive part of the Profile data to the key management system, and transmits the encrypted sensitive part of the Profile data and the key ID carrying the corresponding public key to the key management system, so that: the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key, and synthesizes the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet;
the subscription management data preparation server issues a command to the key management system to encrypt the Profile packet using the random key such that: the key management system encrypts the whole Profile data packet by using a random key and stores the random key to the hardware security module;
the subscription management data preparation server receives the encrypted Profile packet and the random key ID transmitted from the key management system.
3. The secure transmission method of claim 2, further comprising:
a subscription management data preparation server receives an InitiateAuthentication request initiated by a terminal;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
a subscription management data preparation server receives an AuthenticateClient request initiated by a terminal;
the subscription management data preparation server returns AuthClientOk to the terminal;
the subscription management data preparation server receives a request GetBundProfilePack initiated by a terminal;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID acquired in the interactive process between the subscription management data preparation server and the terminal to a key management system so as to enable: the key management system acquires a corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet by using the random key, and circularly encrypts the decrypted Profile data packet by using a session key by using an SCP03t algorithm;
the subscription management data preparation server receives an encrypted and bound Profile data packet transmitted by a key management system;
the subscription management data preparation server returns getppok to the terminal.
4. A secure transmission method of Profile data is characterized by comprising the following steps:
an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data; the key pair is created by the key management system after the key pair is created, specifically, the key pair is stored to the hardware security module by the key management system, the subscription management data preparation server sends a message for requesting the key to the key management system according to the identifier of the operator, and the key management system sends a message for requesting the corresponding key to the hardware security module; the hardware security module returns a public key in the key pair and a corresponding key ID to the key management system, the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony is finished;
the operator receives a corresponding public key selected according to the operator identity returned by the subscription management data preparation server;
the operator generates a session-based symmetric key, encrypts the sensitive part of the Profile data using the symmetric key, encrypts the symmetric key using the received public key, and then sends the encrypted Profile data and the encrypted symmetric key to the subscription management data preparation server, so that: the subscription management data preparation server transmits the non-sensitive part of the Profile data to the key management system, and transmitting the encrypted sensitive part in the Profile data and the key ID carrying the corresponding public key to a key management system, the key management system obtaining the corresponding protected private key from the hardware security module according to the key ID, decrypting the encrypted symmetric key by using the private key, decrypting the encrypted sensitive part in the Profile data by using the decrypted symmetric key, synthesizing the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet, encrypting the whole Profile data packet by using a random key, and storing the random key to the hardware security module, and sending the encrypted Profile data packet and the random key ID to a subscription management data preparation server.
5. The secure transmission method according to claim 4, wherein after the encrypted Profile packet is sent to the subscription management data preparation server, the method is capable of:
a subscription management data preparation server receives an InitiateAuthentication request initiated by a terminal;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
a subscription management data preparation server receives an AuthenticateClient request initiated by a terminal;
the subscription management data preparation server returns AuthClientOk to the terminal;
the subscription management data preparation server receives a request GetBundProfilePack initiated by a terminal;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID acquired in the interactive process between the subscription management data preparation server and the terminal to a key management system so as to enable: the key management system acquires a corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet by using the random key, and circularly encrypts the decrypted Profile data packet by using a session key by using an SCP03t algorithm;
the subscription management data preparation server receives an encrypted and bound Profile data packet transmitted by a key management system;
the subscription management data preparation server returns getppok to the terminal.
6. A secure transmission method of Profile data is characterized by comprising the following steps:
the key management system initiates a key ceremony and creates a key pair for the operator;
the key management system stores the key pair to the hardware security module;
the key management system receives a message of requesting a key sent by a subscription management data preparation server according to the identifier of an operator;
the key management system initiates a message for requesting a corresponding key to the hardware security module;
the key management system receives a public key and a corresponding key ID in a key pair returned by the hardware security module;
the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony is finished;
the key management system receives a non-sensitive part in the Profile data transmitted by the subscription management data preparation server, an encrypted sensitive part in the Profile data and a key ID carrying a corresponding public key; wherein the non-sensitive part in the Profile data, the encrypted sensitive part in the Profile data, and the key ID carrying the corresponding public key are received by the subscription management data preparation server from the operator, specifically: an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data; the subscription management data preparation server selects a corresponding public key according to the operator identifier and returns the public key to the operator; an operator generates a symmetric key based on a session, encrypts a sensitive part of Profile data by using the symmetric key, encrypts the symmetric key by using a received public key, and then sends the encrypted Profile data and the encrypted symmetric key to a subscription management data preparation server;
the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, and decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key;
the key management system synthesizes the non-sensitive part in the Profile data and the decrypted sensitive part in the Profile data into a complete Profile data packet;
the key management system receives a command which is sent by a subscription management data preparation server and used for encrypting the Profile data packet by using a random key;
the key management system encrypts the whole Profile data packet by using a random key and stores the random key to the hardware security module;
and the key management system sends the encrypted Profile data packet and the random key ID to a subscription management data preparation server.
7. The secure transmission method according to claim 6, wherein the key management system transmits the encrypted Profile packet and the random key ID to the subscription management data preparation server so that:
a subscription management data preparation server receives an InitiateAuthentication request initiated by a terminal;
the subscription management data preparation server returns an InitiateAuthOk to the terminal;
a subscription management data preparation server receives an AuthenticateClient request initiated by a terminal;
the subscription management data preparation server returns AuthClientOk to the terminal;
the subscription management data preparation server receives a request GetBundProfilePack initiated by a terminal;
the subscription management data preparation server transmits the session key, the encrypted Profile data packet and the random key ID acquired in the interactive process between the subscription management data preparation server and the terminal to a key management system so as to enable: the key management system acquires a corresponding protected random key from the hardware security module according to the random key ID, decrypts the encrypted Profile data packet by using the random key, and circularly encrypts the decrypted Profile data packet by using a session key by using an SCP03t algorithm;
the subscription management data preparation server receives an encrypted and bound Profile data packet transmitted by a key management system;
the subscription management data preparation server returns getppok to the terminal.
8. A secure transmission method of Profile data is characterized by comprising the following steps:
the terminal initiates an InitiateAuthentication request to a subscription management data preparation server;
the terminal receives the InitiateAuthOk returned by the subscription management data preparation server;
the terminal initiates an AuthenticateClient request to a subscription management data preparation server;
the terminal receives AuthClientOk returned by the subscription management data preparation server;
the terminal requests GetBundProfilePack from the subscription management data preparation server so that: the subscription management data preparation server transmits a session key, an encrypted Profile data packet and a random key ID acquired in the process of interacting with the terminal to a key management system, the key management system acquires a corresponding protected random key from a hardware security module according to the random key ID, decrypts the encrypted Profile data packet by using the random key, uses the session key to circularly encrypt the decrypted Profile data packet by using an SCP03t algorithm, and transmits the encrypted and bound Profile data packet to the subscription management data preparation server, so that the subscription management data preparation server can return GetBupOk to the terminal;
the terminal receives getppok returned by the subscription management data preparation server.
9. The secure transmission method according to claim 6, wherein the encrypted Profile packet is obtained by the following steps:
the key management system initiates a key ceremony and creates a key pair for the operator;
the key management system stores the key pair to the hardware security module;
the subscription management data preparation server sends a message for requesting a key to a key management system according to the identifier of the operator;
the key management system initiates a message for requesting a corresponding key to the hardware security module;
the hardware security module returns a public key in the key pair and a corresponding key ID to the key management system;
the key management system returns the received public key and the corresponding key ID to the subscription management data preparation server, and the key ceremony is finished;
an operator sends a message requesting a public key to a subscription management data preparation server, wherein the public key is used for encrypting Profile data;
the subscription management data preparation server selects a corresponding public key according to the operator identifier and returns the public key to the operator;
an operator generates a symmetric key based on a session, encrypts a sensitive part of Profile data by using the symmetric key, encrypts the symmetric key by using a received public key, and then sends the encrypted Profile data and the encrypted symmetric key to a subscription management data preparation server;
the subscription management data preparation server returns a message that the addition of the Profile data is successful to the operator;
the subscription management data preparation server transmits the non-sensitive part in the Profile data to a key management system, and transmits the encrypted sensitive part in the Profile data and a key ID carrying a corresponding public key to the key management system;
the key management system acquires a corresponding protected private key from the hardware security module according to the key ID, decrypts the encrypted symmetric key by using the private key, and decrypts the encrypted sensitive part in the Profile data by using the decrypted symmetric key;
the subscription management data preparation server sends a command for splicing the Profile data to a key management system;
in response to a command for splicing the Profile data, the key management system synthesizes a non-sensitive part in the Profile data and a decrypted sensitive part in the Profile data into a complete Profile data packet;
the subscription management data preparation server sends a command of encrypting the Profile data packet by using a random key to a key management system;
in response to a command for encrypting the Profile data packet by using a random key, the key management system encrypts the whole Profile data packet by using the random key and stores the random key to the hardware security module;
and the key management system sends the encrypted Profile data packet and the random key ID to a subscription management data preparation server.
10. A subscription management data preparation server, comprising:
a memory for storing a program;
a processor for implementing the secure transmission method of Profile data according to claim 2 or 3 by executing the program stored in the memory.
11. An operator system, comprising:
a memory for storing a program;
a processor for implementing the secure transmission method of Profile data according to claim 4 or 5 by executing the program stored in the memory.
12. A key management system, comprising:
a memory for storing a program;
a processor for implementing the secure transmission method of Profile data according to claim 6 or 7 by executing the program stored in the memory.
13. An internet of things terminal, comprising:
a memory for storing a program;
a processor for implementing the secure transmission method of Profile data according to claim 8 or 9 by executing the program stored in the memory.
14. A computer-readable storage medium, characterized in that a program is stored thereon, the program being executable by a processor to implement the method for secure transmission of Profile data according to any one of claims 1 to 9.
CN202080027008.0A 2020-12-30 2020-12-30 Safety transmission method and corresponding device for Profile data Active CN113785547B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/141257 WO2022141157A1 (en) 2020-12-30 2020-12-30 Secure transmission method of profile data and corresponding apparatuses

Publications (2)

Publication Number Publication Date
CN113785547A true CN113785547A (en) 2021-12-10
CN113785547B CN113785547B (en) 2023-06-23

Family

ID=78835366

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202080027008.0A Active CN113785547B (en) 2020-12-30 2020-12-30 Safety transmission method and corresponding device for Profile data

Country Status (2)

Country Link
CN (1) CN113785547B (en)
WO (1) WO2022141157A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107211270A (en) * 2015-02-13 2017-09-26 格马尔托股份有限公司 Method, corresponding terminal for eUICC long-range subscription management
CN110248358A (en) * 2019-07-03 2019-09-17 深圳杰睿联科技有限公司 ESIM management method and system based on Internet of Things
CN110268730A (en) * 2017-02-09 2019-09-20 奥兰治 For managing the technology of the subscription to operator
CN110505619A (en) * 2019-09-12 2019-11-26 江苏恒宝智能系统技术有限公司 A kind of data transmission method in eSIM Remote configuration
CN111935704A (en) * 2020-09-14 2020-11-13 深圳杰睿联科技有限公司 Profile downloading method, device and equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109495874B (en) * 2018-12-28 2020-06-02 恒宝股份有限公司 Profile downloading method and device
CN110113741A (en) * 2019-04-26 2019-08-09 深圳杰睿联科技有限公司 ESIM card activating method and system

Also Published As

Publication number Publication date
CN113785547B (en) 2023-06-23
WO2022141157A1 (en) 2022-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant